The recent iOS 9.0.1 Update fails to fix the Lock screen Bypass flaw

Pierluigi Paganini September 26, 2015

Apple recently released its first update to the new iOS 9, but experts noticed that it doesn’t fix the lock screen bypass vulnerability.

Apple has already released its first update for the release iOS, the version iOS 9.0.1 was issued last week to fix a number of bugs.

Last week Jose Rodriguez reported the lock screen bypass vulnerability affecting the iPhone devices, today I have to inform you that the last update doesn’t fix the security issue.

The flaw is considered serious because it allows bypassing the lock screen mechanism that protects the iPhone and the iPad from unauthorized access. An attacker can access users’ contacts and personal photographs bypassing the lock screen mechanism implemented in iOS 9.0 and iOS 9.0.1 versions.

ios 9

Rodriguez has published a step-by-step guide to bypass the lock screen mechanism that normally requests the passcode on iOS 9 and iOS 9.0.1 devices.

Let me remind you that the attack relies on the Apple’s personal assistant Siri, other security experts have verified the lock screen bypass vulnerability affects all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1.

 

The lock screen bypass vulnerability works on all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1.

Waiting for a patch, iOS users can disable Siri on the lock screen by modifying the settings of the device from

Settings > Touch ID & Passcode

Once disabled, users will be anyway able to continue using Siri after unlocked their iOS 9 based device.

[adrotate banner=”9″] [adrotate banner=”12″]

Edited by Pierluigi Paganini

(Security Affairs – iOS 9.0.1, Lock Screen Bypass flaw)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment